<?php
/******************************************
 * Author: <YOUR NAME HERE>
 * Description: <YOUR DESCRIPTION HERE>
 ******************************************/
class Category extends CustomSecurity { 


	function Category($db){
    }

	/***********************************
 	 * Add:         Allows the insertion of values into the Table.
 	 * Parameters:  $category_id, $category_name
 	 * Return:      (Boolean) True - Successfully Inserted | False - Error
 	 ************************************/
	function add($category_name){ 

		escape_string($category_name);

		$statement = "INSERT INTO category (category_name) VALUES ( '$category_name');";
			$results   = mysql_query($statement);

		if($results){
			return true;
		}else{
			return false;
		}

	}//End add()


	/***********************************
 	 * Remove:      Allows for the removal of record from the database.
 	 * Parameters:  (String)Primary Key Column Name | (Int) Primary Key Value
 	 * Return:      (Boolean) True - Successfully Removed | False - Error
 	 ************************************/
	function remove($primaryKeyValue){ 

		escape_string($primaryKeyValue);

		$statement = "DELETE FROM category WHERE id = '$primaryKeyValue'";
	//	var_dump($statement);
		$results   = mysql_query($statement);

		if($results){
			return true;
		}else{
			return false;
		}

	}//End remove()


	/***********************************
 	 * Update:      Allows for the update of a record from the database.
 	 * Parameters:  (String)Primary Key Column Name | (Int) Primary Key Value | (String) Column Name To Update | (String) New Value
 	 * Return:      (Boolean) True - Successfully Updated | False - Error
 	 ************************************/
	function update($columnNameToUpdate, $columnValue){ 

		escape_string($columnNameToUpdate);
		escape_string($columnValue);

		$statement = "UPDATE category SET $columnNameToUpdate = '$columnValue' WHERE $columnNameToUpdate = '$columnValue'";
		$results   = mysql_query($statement);
		if($results){
			return true;
		}else{
			return false;
		}

	}//End update()


	/***********************************
 	 * GetAll:       Returns all the records in the database.
 	 * Parameters:   NA
 	 * Return:      (MultiDimensional-Array)String
 	 ************************************/
	function getAll(){ 

		//Custom SQL Injection Escaping HERE

		$statement = "SELECT category_name FROM category";
		$mresults   = mysql_query($statement);
		
		$tokens[0] = "category_name";
		
		return transformResults($mresults, $tokens);

	}//End getAll()
	
	function getAllAdmin(){ 

		//Custom SQL Injection Escaping HERE
		

		$statement = "SELECT id, category_name FROM category";
		$mresults   = mysql_query($statement);
		
		$tokens[0] = "id";
		$tokens[1] = "category_name";
		
		return transformResults($mresults, $tokens);

	}//End getAll()

	/***********************************
 	 * GetObject:   Returns a specific record form the batabase.
 	 * Parameters:  (Int) Primary Key Value
 	 * Return:      (Array)String
 	 ************************************/
	function getObject($primaryKeyValue){ 

		escape_string($primaryKeyValue);

		$statement = "SELECT category_id, category_name FROM category WHERE ".$primaryKeyName." = '".$primaryKeyValue."'";
		$mresults   = mysql_query($statement);
		
		$tokens[0] = "category_id";
		$tokens[1] = "category_name";
		
		return transformResults($mresults, $tokens);

	}//End getObject()


}//End Class Category
?>